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DETAILED ACTION 

1 . Claims 1 - 27 and 29 - 35 are pending for examination. 

Continued Examination Under 37 CFR 1.114 

2. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
10/20/2009 has been entered. 

Specification 

3. The abstract of the disclosure is objected to because it includes legal 
phraseology such as 'comprising", "said". Correction is required. See MPEP 
§ 608.01(b). 

4. The specification is objected to as failing to provide proper antecedent basis for 
the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01 (o). Correction 
of the following is required: As to claim 10, line 1 - 2, examiner could not find 
anywhere in the specification wherein the search engine can add resources common to 
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a current set of users. The search engine is well-known in the art that it only searches 
the match and return hits. As to claim 7, the discovery unit add resources and remove 
users, not the search engine itself. For examination purpose, examiner treats the 
limitation as "the discovery unit" does the adding. 

Claim Objections 

5. Claim 1 - 12, 17 - 24, 32, 33, 29 - 31 are objected to because of the following 
informalities: 

6. Claim 1 , line 6 and 12, "users" and "resources" should be -the users- and -the 
resources-. 

7. Claim 29, lines 3, "nodes" should be "the nodes" or -said nodes-. 

8. Claim 30, line 9, "the nodes" has improper antecedent basis. 

9. claim 31, 

a. line 4, "the user" has improper antecedent basis. 

b. line 5, "users" should be "the users". 
Appropriate correction is required. 



Claim Rejections - 35 USC §112 

10. The following is a quotation of the first paragraph of 35 U.S. C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 
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11. Claims 1 - 27, 29 - 35 are rejected under 35 U.S.C. 112, first paragraph, as 
failing to comply with the written description requirement. The claim(s) contains 
subject matter which was not described in the specification in such a way as to 
reasonably convey to one skilled in the relevant art that the inventor(s), at the 
time the application was filed, had possession of the claimed invention. 

12. As to claim 1, line 15, examiner could not anywhere in the specification the 
amended limitation "automatically determined". Examiner only found that the method 
doing by administrator (0055). 

1 3. As to claims 25 - 26, 29 - 31, 34 - 35, examiner could not anywhere in the 
specification the amended limitation "automatically determined". 



Claim Rejections - 35 USC § 102 

14. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 
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15. Claims 1 - 7, 10, 17 - 18, 25 - 27, 29 - 35 are rejected under 35 U.S.C. 102(e) 
as being anticipated by Stone, US pub. no. 2003/0233439. 

16. Stone reference was cited in previous office action. 

1 7. As to claim 1 , Stone teaches a computer apparatus configured to discover roles 
from structure existing amongst users to whom resources have been assigned, the 
apparatus comprising: 

a processor (inherent to execute the computer); 

a discovery unit, operable via said processor, configured for searching for 
patterns within links between users and said resources partitioned into a set of nodes of 
users and a set of nodes of resources (directory services system 32 provides a search 
engine for supporting access of user resources, client links to documents, web pages or 
other resources in an index, table of contents or a topical hierarchy, 0056 - 0057, 0060 
-0061, 0077, 0093) wherein: 

each user of said set of nodes of users comprises a node with an 
assignment of resources from the set of nodes of resources (user accesses to multiple 
resources, 0059); 

the links comprise said assignments between respective users and 
resources (a user group is authenticated for access to a resource, 0057); 

a grouping unit, associated with said discovery unit, configured to use said 
discovered patterns to form at least one group from said user nodes or said resource 
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nodes using said discovered patterns, (template can be used to form new user group, 
0093 - 0095), such that (examiner notes that this is intended use): 

users or resources having all or a subset of at least two links to common 
resources or users are automatically determined (automatically apply, 0098) to 
be placed into a same group (assigns user rights and group rights to accessing 
or editing corresponding data/resources, 0059 - 0061 , 0063, 0089); 

the users or resources of the at least one group did not exist as a group 
prior to the discovery unit searching for patterns within the links (new group, 
0094); 

an output unit configured for outputting said at least one group of users or 
resources as a role (new groups, 0094). 

18. As to claim 2, Stone teaches wherein said links comprises access permissions 
(permissions, 0059). 

1 9. As to claim 3, Stone teaches wherein links comprises usage levels of respective 
resources by respective users (user access applications/resources, 0059). 

20. As to claim 4, Stone teaches wherein links comprises user access permission 
levels for respective users (permission, 0059). 
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21 . As to claim 5, Stone teaches wherein said role is definitive of a use role on said 
network (network, 0097). 

22. As to claim 6, Stone teaches wherein said user nodes comprise entities having 
attributes, and said links comprises a respective user possessing a respective attribute 
(assign user rights and group rights to accessing or editing corresponding data, 0063, 
0089). 

23. As to claim 7, Stone teaches said discovery unit is associated with a search 
engine (directory services system 32 comprises a search engine, 0056, 0077, 0093) 
operable to use a search tree (tree, 0032) to begin with a single resource and its 
associated users, and iteratively to add resources and remove users not having a 
predefined relationship with said iteratively added resources, to meet a resource 
number, or a user number constraint (add or remove users as part of user maintenance, 
0060, 0088, 0097). 

24. As to claim 10, Stone teaches wherein said search engine is operable within 
said iterative stages to add further resources common to a current set of users (add or 
remove users as part of user maintenance, 0060, 0088, 0097). 

25. As to claim 17, Stone teaches wherein said discovery unit is operable to use 
said pattern recognition within an iterative tree searching process (directory services 
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system 32 comprises network directory service (NDS) presented in tree structure, and 
directory services system comprise the search engine, 0056 - 0057, 0060 - 0061 , 0077, 
0093); 

26. As to claim 18, Stone teaches wherein said discovery unit is operable to insert 
said groupings as an intermediate set amongst said nodes (add or remove users as part 
of user maintenance, 0060, 0088, 0097). 

27. As to claim 25, Stone teaches a role discovery method for electronically 
grouping nodes according to existing relationships with resources, the method 
comprising: 

Discovering existing relationship patterns between an arrangement of nodes and 
resources across a partition between said node and resources, wherein the patterns are 
discovered from predetermined relationships between ones of said resources and 
corresponding nodes (directory services system 32 provides a search engine for 
supporting access of user resources, client links to documents, web pages or other 
resources in an index, table of contents or a topical hierarchy, 0056 - 0057, 0060 - 
0061 , 0077, 0093); 

using said discovered patterns, automatically determining (automatically apply, 
0098) groupings of said arrangement of nodes, wherein nodes within said groupings 
share relationships with at least two common resources (template can be used to form 
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new user group, and administrator assigns user rights and group rights to accessing or 
editing corresponding data/resources, 0059 - 0061 , 0063, 0089, 0093 - 0095), 

wherein the nodes of each of the groupings did not exist as a group prior to the 
discovery the existing relationship patterns (new group, 0094); 

outputting said grouping of nodes having common patterns of at least two 
existing relationship as a role (new groups, 0094). 

28. As to claim 26, this is the hardware claim of claim 1 . See rejection for claim 1 
above. 

29. As to claim 27, Stone teaches a computer device comprising: 
a processor (inherent to run the computer device); 

a first series of user definitions, each user in said definitions defined as a user 
node (user, 0094 - 0095); 

a second series of resource definitions, each resource in said definitions defined 
as a resource node (applications, 0094 - 0095); 

access data indicating access of users to respective resources (user group that 
have similar attribute values or application access, 0094); 

a pattern recognition unit operable with said processor for recognizing pre- 
existing patterns in said access data (template, 0094 - 0095) said patterns indicative of 
a way of grouping said user nodes of said each user so as to discover groups of user 
nodes having common subsets of access data of at least two resources (template can 
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be used to form new group, and user group is authenticated for access to a resource, 
and the user resources can be searched, 0056 - 0057, 0060 - 0061, 0084, 0089, 0095); 

wherein the user nodes of the discovered groups did not exist as a group prior to 
recognizing the pre-existing patterns in the access data (new user group, 0094); 

a group definition unit operable with said processor and said pattern recognition 
unit configured to output groups so discovered as roles (new user group, 0094 - 0095). 

30. As to claim 29, this is the apparatus claim of claim 25. See rejection for claim 
25 above. 

31 . As to claim 30, Stone teaches a group discovery method comprising: 
electronically searching for links between nodes partitioned into a first data set 

and a second data set, wherein: said links exist between nodes in the first data set and 
nodes in the second data set (directory services system 32 provides a search engine for 
supporting a selection of user resources or client links to documents, web pages or 
other resources in an index, table of contents or a topical hierarchy, 0056 - 0057, 0060 
-0061, 0077, 0093); 

automatically determining (automatically apply, 0098) a grouping of nodes in said 
first set according to respective links found by the electronic searching (the directory 
services system provides search engine to support the selection of user resources, 
searching or browsing the template, 0056 - 0057, 0060 - 0061 , 0077, 0093) such that 
(examiner notes that this is intended use) all nodes in said first set having links to at 
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least two commonly held nodes (user accesses to multiple resources, 0059) in said 
second set are assigned to a same group, thereby discovering groups in said data 
(template can be used to form new groups that have similar attribute value, 0094); 

wherein the nodes of the grouping did not exist as a group prior to electronically 
searching for the links (new group, 0094). 

32. As to claim 31 , Stone teaches a method of grouping users having links or 
attributes into one or more groups based on said links or attributes, the method 
comprising: 

searching for links or attributes of the users, wherein the links or attributes of 
each user characterize an association between user and resources (directory services 
system 32 provides a search engine for supporting access of user resources, client links 
to documents, web pages or other resources in an index, table of contents or a topical 
hierarchy, 0056 - 0057, 0060 - 0061 , 0077, 0093); 

automatically determining (automatically apply, 0098) a group for users sharing 
all or a subset of at least two of said links or attributes (user accesses to multiple 
resources, [0059]) discovered by the searching step (user group is authenticated for 
access to a resource, and the user resources can be searched, 0056 - 0057, 0060 - 
0061 , 0084, 0089, 0095); 

wherein the users of the group did not exist as a group prior to searching for the 
links (new group, 0094); 
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outputting said automatically determined group (template can be used to form 
new groups, 0094, 0095). 

33. As to claim 32, see rejection for claim 7 above. 

34. As to claim 33, Stone teaches wherein said outputting said group comprises 
outputting a characteristic of said group (new groups, 0094). 

35. As to claim 34, this is the method claim of claim 30. See rejection for claim 30 
above. 

36. As to claim 35, this is the apparatus claim of claim 30. See rejection for claim 
30 above. 



Claim Rejections - 35 USC § 103 

37. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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38. Claim 19 is rejected under 35 U.S.C. 
Stone, US pub. no. 2003/0233439. 
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103(a) as being unpatentable over 



39. As to claim 19, Stone teaches wherein said users and said resources are 
arranged into three sets (tree structure has at least three sets, 0032), an intermediate 
one of said sets comprising predetermined relationship dependent groupings of at least 
some of the users in a first of said sets (users access to assigned 
resources/applications, 0095). 

Stone does not explicitly teach add new groups to said intermediate set. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to recognize that adding new groups can be in any set depending 
on accessed levels and requirements of new groups. 

40. Claims 8 -9, 11 - 12 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Stone, US pub. no. 2003/0233439 in view of Franklin, US pub. 
no. 2001/0023440. 

41 . As to claim 8 and 9, Stone does not explicitly teach the search engine is 
operable to use a homogeneity measure to determine whether to consider a candidate 
grouping in said search. 
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Franklin teaches the search engine is operable to use a homogeneity measure to 
determine whether to consider a candidate grouping in said search (search engines 
106, may include sophisticated methodologies for creating and executing theories to 
locate specific objects 92 in an object tree 90 within a directory services system, 0050). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the teachings of Stone and Franklin because Franklin's 
search engine with executing theories to locate specific objects would determine 
whether to consider a candidate grouping during the search (0050). 

42. As to claim 11, Franklin teaches wherein said search engine is operable to 
compute a set of all users related to a current set of resources (search returns a list of 
match, 0050). 

See motivation for claim 8 above. 

43. As to claim 12, Franklin teaches wherein said search engine is operable to 
consider for expansion all resources outside said current set of resources that have at 
least one relationship connection with a current set of users (0050 and 0059). 

See motivation for claim 8 above. 

44. Claims 20 - 24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Stone, US pub. no. 2003/0233439 in view of Brown, US patent no. 5,941,947. 
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45. Brown reference was cited in previous office action. 

46. As to claim 20, Stone does not explicitly teach wherein the input is associated 
with a graphical expositor which presents the input in a graph. 

Brown teaches wherein the graphical expositor presents the input in a graph 
(acyclic graphs, col. 12 lines 51 - col. 13 line 38). 

It would have been obvious to one of skill in the art at the time the invention was 
made to combine the teaching of Stone and Brown's system because Brown's graph 
would provide the graph structure with partitioned groups on different levels for easy 
input to the tree structure of Stone's system to control the network nodes partitions and 
searchable. 

47. As to claim 21, Stone teaches the user would manually interact using graphical 
to manually assign modify the groupings discovered by the pattern recognition engine 
(administrator uses to tool to add user, 0038). 

48. As to claims 22 - 23, Brown teaches the steps of wherein the graphical 
expositor is further operable to partition the graph into sub-graphs (each child node in 
hierarchical directory structures in the form of directed acyclic graphs, is a sub-graph, 
col. 12 lines 51 - col. 13 line 38), each of the sub-graphs itself being a mentioned graph 
having at least two partitions, sub-graphs being limited to it subset of the nodes in one 
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of the partitions, and further comprising all the nodes in the other partition that are linked 
thereto, and wherein the pattern recognition unit is further operable to perform 
groupings on each of the sub-graphs, and then to merge the results into a full graph (the 
whole hierarchical graph is a full graph, col. 12 lines 51 - 67). 

49. As to claim 24, see rejection for claim 21 above. 



Allowable Subject Matter 

50. Claims 13 - 16 are objected to as being dependent upon a rejected base claim, 
but would be allowable if rewritten in independent form including all of the limitations of 
the base claim and any intervening claims. 



Response to Arguments 

51 . Applicant's arguments; regarding to claims 1 - 6, 20 - 27, 29 - 31 , 33 - 35 have 
been fully considered, but they are not persuasive; regarding to claims 7-12, 17-19, 
32 have been considered but are moot in view of the new ground(s) of rejection. 

52. Applicant argued that Stone does not teach the amended limitations "users and 
resources having at least two links to common to resources or users are automatically 
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determined to be placed on the same group", and "the users or resources did not exist 
as group prior to discovery unit searching for pattern within the links" (page 15 lines 10 
-15). 

In response, as mentioned during the interview, both applicant and examiner 
could not find "automatically determined". Applicant said that applicant would find the 
supports for the amended limitation, and respond. As responded in an applicant 
summary of interview with examiner, applicant pointed to page 3 lines 8-11, examiner 
notes that it is in a summary of invention, not in the body of invention where the method 
can be implemented. 

Stone teaches the template may be used to create user groups to automatically 
apply a default attributes associated with the user or group would comprise 
automatically determined. Stone teaches the users or resources did not exist as group 
prior to discovery unit searching for pattern within the links (new user group, 0094). 

53. Stone does not teach usage levels much less wherein .... Respective users 
(page 15 lines 25-26). 

In response, when user access to particular applications/resources, it is usage 
levels of users and respective resources (0059). 

54. Applicant argued that Brown does not teach groupings on each of the subgraphs, 
and then to merge the results into a full graph as to claim 22 - 23 (page 17 lines 13 - 
15). 
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In response, each child node in hierarchical directory structures in the form of 
directed acyclic graphs, is a sub-graph, col. 12 lines 51 - col. 13 line 38), and the whole 
hierarchical graph is a full graph with 1 parent node and multiple child nodes (col. 12 
lines 51 - col. 13 lines 38). 



Conclusion 

55. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to PHUONG N. HOANG whose telephone number is 
(571 )272-3763. The examiner can normally be reached on Monday - Friday 9:00 am to 
5:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Hyunh S. Sough can be reached on 571-272-6799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Hyung S. Sough/ /P. N. H./ 

Supervisory Patent Examiner, Art Unit 2194 Examiner, Art Unit 2194 

01/04/10 



